1. /
  2. Security Response/
  3. W32.Gibe.C@mm


Risk Level 2: Low

March 16, 2003
February 13, 2007 11:44:28 AM
Also Known As:
W32.HLLW.Begbie@mm, I-Worm.Gibe.d [KAV]
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References:

W32.Gibe.C@mm is a variant of W32.Gibe.B@mm. The worm attempts to spread through Email, KaZaA, and IRC. It uses Microsoft Outlook to email itself to all the contacts in the Windows Address Book. W32.Gibe.C@mm will display a message titled, Microsoft Internet Update Pack," if the computer has already been infected with this worm.

The email message has a randomly chosen subject, message, and attachment, which will have either a .exe or .zip file extension. W32.Gibe.C@mm may send itself to some specified new groups, whose URL are carried by the worm.

This threat is written in Microsoft Visual Basic (VB). The VB run-time libraries must be installed on the computer to execute.

NOTE: Definitions dated prior to March 19th, 2003 may detect this threat as W32.HLLW.Begbie@mm.

Antivirus Protection Dates

  • Initial Rapid Release version March 17, 2003
  • Latest Rapid Release version March 17, 2003
  • Initial Daily Certified version March 17, 2003
  • Latest Daily Certified version March 17, 2003
  • Initial Weekly Certified release date March 19, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate


  • Damage Level: Medium


  • Distribution Level: High
Writeup By: Robert X Wang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report